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(57) Abstract 



An encryption/decryption unit (EDU) that handles management of encryption ke : used in the secure exchange of data 
over non-secure communication links. Each EDU includes a central processing unit (C - • 0 that controls its operation, random 
access memory (RAM) in which tables of key exchange keys (KEKs) are stored, and a data encryption standard (DES) coproces- 
sor that implements a data encryption algorithm developed by the U.S. National Bureau of Standards - all comprising a module 
that is embedded in a potdng material. Attempts to remove the potting material either by mechanical or solvent means are likely 
to result in loss of the data and program code stored in the module. The CPU includes special drcuhry enabling it to operate in 
an encrypted mode so that it can not be interrogated to discover the program or data stored therein. This program enables the 
EDU (20) to establish secure communications with another similar EDU (28) over a non-secure link. Each EDU establishing a 
secure communications session randomly generates a portion of a session data encryption key (DEK) that is encoded by using a 
KEK from either a public or private table of keys stored in the embedded RAM. The two EDUs exchange the encrypted portions 
of the DEK, decrypt the portions, and then logically combine them to determine the current session DEK. Use of a stored EDU 
ID in each EDU comprising the link prevents a third EDU from bridging the link to tap into the communications between two 
stations. 
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ENCRYPTION/DECRYPTION APPARATUS WITH NON-ACCESSIBLE 

TABLE OF KEYS 
Field of the Invention 
The present invention generally pertains to apparatus for encrypting and 
5 decrypting data, and more specifically, to apparatus for implementing the mayption 
and decryption process with secret encryption ke/s. 

Bflckpround of the Invention 
Procedures for encrypting and decrypting data for transmisaon over non- 
secure radio or telephone links have been highly refined to meet the needs of the 
10 military and industry. An wicryption algorithm that is virtually unbreakable in any 
reasonable time firame, by even the most powerfiil of high-speed computers, has been 
developed and published by U.S. National Bureau of Standards and sanctioned for use 
by industry in this country as an acceptable method for protecting computerized data 
conveyed over non-secure channels. In feet, integrated circuits designed specifically 
15 for encryption and decryption of daU in accordance with this Data Encryption 
Algorithm (DBA) are readily available firom several vendors, such as Western 
Distal™. The algorithm, like most encryption schemes, uses an encryption key to 
encrypt data. Successfijl use of the DEA, and almost any other «icryption/decryption 
algorithm commonly employed, requires that the station receiving the enaypted 
20 transnussion have the same key used to encrypt the data in ord^ to deorypt it. 
Accordin^y, no unauthorized party should know or have access to the encryption key 
that is bdng used. 

Unfortunately, for any prior art encryption/decryption system using the DEA 
or amilar algorithms, extensive security measures are required for managing and 
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periodically chan^ng the encryption keys that are used. Any third party that gains 
access to the encryption key being used to «icrypt data can tap into a non-secure line 
over which encrypted messages are transmitted and then use the key to decrypt 
messages that are intercepted. Even if knowledge of the encryption key used is 
5 limited to those operating the encryption/decryption equipment, there can be no 
assurance that others outside an organization will not breach security and learn the 
encryption key due to failure of someone in the organization to follow security 
procedures. As the size of a network over which secure communications must be 
maintamed expands, the diflBculty in managing the encryption keys used on the 

1 0 network grows exponentially. 

Since any person vsdth access to the encryption keys can breach the security of 
encrypted communications between members of the network, encryption keys must be 
changed on a regular basis. Frequent changes in the encryption keys in use minimizes 
the risk of disclosure by individuals that previously had access to the keys. However, 

IS any such change requires that the new encryption keys be distributed to all stations in 
the network. Typically, the new mcryption keys are hand carried to each station site 
by bonded couriers; nevertheless, it is possible that a courier may compromise 
security. Even if a security breach does not occur, the cost of regularly distributing 
encryption keys to each station of a large network in this marmer may be prohibitive. 

20 For these reasons, it is preferable to use encryption keys at each station in a 

network that are not known to anyone, even those operating the 
encryption/decryption apparatus. Various techniques have been developed to access 
enoyption keys stored in an electronic memory for this purpose. For example, a new 
encryption key can be selected for subsequent encryption of communicatioris between 

25 stations based on the last encryption key that was used, by applymg a secret formula 
to generate the new key. However, if the formula is discovered or otherwise becomes 
known by someone who is outside the organizational network, security of the 
encryption system is breached, since that person can generate the encryption keys that 
will subsequently be used, simply by applying the formula to any previously 

30 discovered key. 

Clearly, it would be preferable to randomly generate the encryption key that is 
used to encrypt data transmitted to another station each time that communications are 
initiated. Yet, random generation of an encryption key at one station inherently 
renders the receiving station unable to decrypt the message, because it does not have 

35 the encryption key used. What is therefore required are means for transmitting the 
racryption key from one station to another in an encrypted form, with some provision 
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that enables the recdving station to deoypt the encryption key. Prior art 
encryption/decryption q>paratus do not provide means to accomplish this task in an 
eflBcient manner that is not easily circumvented. Any key exchange key (KEK) that is 
used in the process of transferring an encryption key for encrypting and decrypting the 
5 message to the other station must be available to both stations, but can not be 
available to anyone outside the secure network of stations. Even if the encryption 
apparatus is available to someone outside the organization, it should be virtually 
impossible to discover the KEKs used by stations comprising the network, if secure 
communications are to be maintained. 

10 The foregoing aspects and many of the attendant advantages of this invention 

over the prior art wiU become more readily appreciated as the same becomes better 
understood by reference to the following det^ed desmption, vAien taken in 
conjunction with the accompanying drawings. 

Summary of the Invention 

IS In accordance with the present invention, encryption/decryption apparatus for 

eng^ring secure communications between two stations include encryption processor 
means for encrypting and decrypting data using a ses^on data encryption key (DEK) 
that is input thereto. Control means coupled to the encryption processor means are 
provided for controlling the operation of the encryption processor means. The 

20 control means supply the encryption processor means with the data for encryption and 
decryption and with an encryption key for use in encrypting and decrypting the data to 
produce an output signal in response to programmed instructions. These 
programmed instructions cause the control means to automatically randomly select a 
part of a session DEK and to combine it with another part of the session DEK 

25 received from the other station to determine the ses^on DEK that will be used by the 
racryption processor means to encrypt data. Non-volatile memory means that are 
coupled to the control means store a plurality of key encryption k^s that are used by 
the encryption processor means in encrypting a part of the ses^on DEK for 
transmission to the other station. The control means select the key encryption key 

30 from the plurality of key encryption keys as a fimction of a check value determined 
with the part of the session key. 

\Wthin the non-volatile memory means is disposed an internal power source 
that provides electrical power to maintain storage of the phirality of key encryption 
keys. Potting means encapsulate the encryption processor means, the control means, 

35 and the non-volatile memory means in a radio and Kght wave opaque material that is 
sufficiently hard and resistant to dissolution by solvents to prevent its removal without 
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damage to interconnections coupling the non-volatile memory means to the control 
means and damage to interconnections supplying electrical power to the non-volatile 
memory means from the internal power source. Such damage causes erasure of the 
plurality of key encryption keys stored in the non-volatile memory means. In addition, 
5 the control means respond to any attempt to externally interrogate the non-volatile 
memory means by causing erasure of the key encryption keys stored therein. 

Multiplexer means are coupled to the control means to receive a data signal 
and a select signal therefrom, and are also coupled to the encryption processor means, 
an output port, and the memoiy means; the multiplexer means selectively convey the 

10 data signal to one of the encryption processor means, the output port, and the 
memoiy means, in response to the select ^gnal. The control means include a non- 
volatile memory for retaining program steps and a unique identification code that 
identifies a specific encryption/decryption apparatus. In addition, the control means 
include means for locking the control means and its non-volatile memory to prevent 

15 data and program steps from bdng read externally after storage of the program steps 
in the non-volatile memory is complete. The means for locking mclude means for 
encrypting data and memory addresses defining memory storage locations withm the 
non-volatile memory of the control means and within the non-volatile memoiy means. 

Brief Description of the Drawings 

20 FIGURE 1 is a block diagram of a communications network comprising two 

stations, each provided with an encryption/decryption unit (EDU) in accordance ^th 
the present invmtion, thereby enabling the stations to establish secure 
commimications over a non-secure line or radio link; 

HGUKE 2 is a schematic block diagram of one of the EDUs shown in 

25 HGURE 1; 

FIGURE 3 is a flow chart illustrating the logical steps implemented at one 
station by the EDU in selecting and encrypting a first portion of a ses^on encryption 
key for transmittal to another station; 

FIGURE 4 is a flow chart illustrating the logical steps implemented by the 
30 EDU at the other station in decrypting the first portion of the session encryption key, 
and in selecting and encrypting a second portion of the session encryption key for 
transmittal to the one station; and 

FIGURE 5 is a flow chart illustrating the lo^cal steps implemented by the 
EDU at the one station to decrypt the second portion of the session encryption key. 
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Detailed Description o f the Preferred Embodiment 
As noted above, one of the more £fficult problems in establishing and 
maintfttning an encrypted communication networic is distributing secure DEKs to each 
station in the network on a regular basis. In HGURE 1, a simple network for 
5 carrying out encrypted communications is shown generally at reference numeral 10. 
Network 10 is shown simply as two stations, including a station 12 and a station 14, 
but it will be appreciated that the networic can comprise many other such stations. 

Both stations 12 and 14 use similar components for encrypting and decrypting 
communications. For example, station 12 includes a data device 16, \^*ich may, for 

10 example, comprise a facsimile machine or personal computer (neither shown 
separately). Data device 16 is connected through lines 18 to an EDUA20. 
Station 12 uses EDU A 20 to establish secure communications over a non-secure Ime 
(or radio link) 22 whh station 14, which includes an EDUB28. EDUB28 is 
connected to a data device 24 over lines 26. Data device 24 is the same type of 

15 device as data device 16. Thus, if data devices 16 and 24 are fecsimile machines, 
commurucations network 10 pemuts secure commurucation of fecsimile mformation in 
an encrypted form between stations 12 and 14 over non-secure line 22. 

Because of the manner in which secure communications are established 
between EDU A 20 and EDU B 28, tapping into non-secure line 22 using a amilar 

20 EDU (not shown) would NOT enable a third party to breach secure communications 
between stations 12 and 14. In the preferred form of the present invention, 
communications between EDU A 20 and EDU B 28 are carried out using a session 
encryption key that is changed with each sesaon and comprises two parts, one part 
randomly selected by EDU A 20, and tiie otiier part randomly selected by EDU B 28. 

25 Thus, the present invention comprises the EDU at each of the communicating 
stations 12 and 14. In establishing secure communications between two stations 12 
and 14, the EDU at each station randomly select its respective portion of the session 
encryption key, encrypts that portion of the session encryption key, and transmits the 
encrypted respecth^e portion of the session encryption key to the other station. Once 

30 both station 12 and station 14 have decrypted the portion of the session encryption 
key developed by the other station, the two portions are logically combined at each 
station to produce the complete or final session encryption key used for encrypting 
data transmitted between stations 12 and 14 during the current session. In addition, 
the EDUs are preprogrammed to ensure that the intended station in a two-way 

35 communication link is actually receiving or transnutting the encrypted data, to guard 
against a third party tapping into non-secure line 22 with another EDU. The EDUs 
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also ensure that the two portions of the session encryption key that are exchanged 
between stations 12 and 14 are correctly recdved and decrypted, thereby protecting 
against data errors that might have arisen in the transmission of the encrypted portions 
of the session encryption key between the two stations or in their decryption. 
5 A block diagram of EDU 20 is shown in FIGURE 2; EDU 28 is exactly the 

same, except for having a different EDU identification number stored within it. 
EDU 20 includes a potted module 30 and an external input/output (I/O) bus 32 for 
providing interconnections between the EDU and the data device (or to other 
components, if the EDU is used as an element of a more Ktensive data encryption 

10 apparatus) that vdll provide the data to be encrypted or will receive the data that is 
decrypted by the EDU. Module 30, which comprises virtually the entire EDU, is 
encapsulated within a radio opaque and light opaque potting compound 34 to prevent 
discovery of the internal circuitry and to prevent forced electromagnetic or visual 
tapping, monitoring, or other forms of penetration that might be attempted to uncover 

15 encryption keys and other information included therein. The potting compound is 
sufiEicientiy hard and resistant to abrasion to prevent its removal without damaging the 
components comprising the EDU or at least causing loss of important data stored 
therein. Of greatest sensitivity to maintaining the security of communications between 
EDUs comprising a network is the need to protect against discovery of KEKs that are 

20 encrypted using a key that is imique to each EDU and is assigned to it when it is 
initialized. The encrypted KEKs are stored as tables within each EDU and are utilized 
for encrypting portions of the ses^on encryption key that are exchanged between two 
stations and subsequentiy logically combined at each EDU to produce a ses^on DEK 
that is used for encryption of data exchanged over non-secure line 22. To avoid 

25 breaching the security of communications on network 10, it is absolutely imperative 
that these KEKs not become publicly known. 

In the preferred form of module 30, two sets or tables of KEKs are stored in 
encrypted form in a random access memory (RAM) 42. One set is called a "public" 
set, since each EDU that will be sold will include this set. The other set is a "private" 

30 set of KEKs, which optionally may be randomly generated by a user for distribution to 
and storage in those EDUs comprising a private network of stations. The significance 
of the KEKs will be apparent fi-om the description that follows. Any attempt to 
expose the internal circuitry of module 30 by use of a chenucal, solvent, or mechanical 
means in order to access RAM 42 electronically or physically so as to access these 

35 data will cause loss of the KEBCs that are stored therein. RAM 42 preferably 
comprises a Dallas Semiconductor™ type DS 1213 smart socket m wMch is installed 
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a memory integrated drcutt (not separately shown) compri^g 128Kx8bits of 
storage, Le., yielding 1,048,576 bits of non-volatile static RAM organized as 131,072 
words by 8 bits. This memory integrated drcuit is a dual in-line package (DIP) 
package configuration of generally conventional design, but the smart socket contains 

5 an internal battery supply (not separately shown) sufficient to maintain data integrity 
in the absence of e?ctemally applied power for a period in ^cess of 10 years. Dallas 
Semiconductor also supplies an integrated circuit non-volatile memory device that 
includes an mtegral internal battery supply, and this type of device can be used in 
place of the smart socket and more conventional memory device combinations. In the 

10 event a chemical solution is used to dissolve potting compound 34 in an attempt to 
discover the KEKs stored in RAM 142, the material comprising RAM 142 (smart 
socket or memory device that includes tiie integral internal battery supply) wiU also be 
dissolved, therd^y disconnecting the internal battery supply and erasing the KEKs 
stored therein. 

15 Operation of module 30 to establish and conduct secure communications is 

controlled by a CPU 36, vAach includes 32K of embedded RAM (not separately 
shown). In the preferred embodiment, a Dallas Semiconductor™ type DS 5000 
microchip integrated circuit is used for CPU 36. The DS 5000 integrated circuit 
includes non-volatile embedded RAM (not separately shown) and all information and 

20 programming stored therein are preserved in the absence of an externally applied 
voltage for up to 10 years. In addition, the internal data registers and key 
configuration re^sters of the DS 5000 integrated circuit are non-volatile. Data stored 
witfiin the embedded RAM that comprise program steps carried out by CPU 36 in 
establishing secure communications can be modified after encapsulation of module 30 

25 has been accomplished with potting material 34; however, initial loading of the 
embedded RAM within the DS 5000 microchip comprising CPU 36 is acconq>lished 
with a conventional universal asynchronous receiver/transnutter (UART) inter&ce 
(not shown) that is connected througih external I/O bus 32 by lines 76. In addition, 
control lines 50 connect CPU 36 to external I/O bus 32 and convey write, read, 

30 interrupt, and signals for ports 0-3 (P1.0-P1.3) of the CPU. 

Data lines (D0-D7) 54 interconnect CPU 36 with RAM 42 and witii a 
buffer 46. Buffer 46 comprises an SN 74HCT245 octal bus transceiver with a three- 
state output that is used to block external access to internal data transfers occurring 
within module 30, thereby preventing an external device fi'om accessing KEKs stored 

35 in RAM 42 and other data transferred between components of the module. Bufifer 46 
is enabled via control signals supplied over a fine 74 by CTU 36 when it is appropriate 
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to aOow bi-directional data transfer to and from esctemal I/O bus 32 through lines 52, 
and therefore to and from an external device. 

To provide additional security, CPU 36 operates in an encrypted mode. The 
encrypted mode is deactivated prior to the initial loading of program steps and data 
5 into the embedded RAM of CPU 36. Before the initial loading of program code and 
data begins during manu&cture of the EDU, a 40-bit encryption mode key is selected 
for use by CPU 36 in the encrypted mode. A data encrypt or circuit and an address 
enciyptor circuit (neither separately shown) within CPU 36 respectively control the 
form in which the program code is stored in the embedded RAM of the CPU and the 

10 addresses at which it is stored. As the initial loadmg of program steps is performed, 
the data encryptor circuit uses the 40-bit encryption mode key to transform or encrypt 
opcodes, operands, and data bytes at each memory location defined by the software. 
Similariy, the address encryptor drcuit uses the encryption mode key m a dififerent 
encryption algorithm to translate or encrypt a logical address of each data byte 

IS location into an encrypted address at which the data are actually stored. The contents 
of the embedded RAM are then verified, and the encrypted mode is enabled by setting 
a security lock bit. After the security lock bit is set to enable operation in the 
encrypted mode, the contents of the CPUs embedded RAM is imintelli^ble to an 
observer that might attempt to tap into its circuitry to discover the program code and 

20 other data stored therein. The address and data enciyptor circuitry provides real time 
translation or decryption of program code and address locations to CPU 36 during 
subsequent operation of the EDU. Only program code and data stored in the CPUs 
embedded RAM that does NOT affect secure operation of the EDU can be changed 
after the security lock bit is set. Any attempt to externally interrogate the CPU to 

25 discover the 40-bit encryption key causes its erasure, rendering the contents of the 
embedded RAM useless. Even if the encrypted program code and data are thereafter 
read back from the embedded RAM in CPU 36, they can not be decrypted without the 
40-bit encryption mode key, which is lost. 

CPU 36 selects a specific storage location for a KEK within RAM 42 by 

30 setting 16 address bits. Lines 58 connect CPU 36 to a latch 44, and lines 60 connect 
latch 44 to RAM 42. To minimize the total number of pins required on CPU 36, the 
first eight address bits (A0-A7) and eight bits of data (D0-D7) use the same pins on 
CPU 36. These address bits and data are alternatively passed between CPU 36, 
latch 44, and RAM 42 over lines 58 and 60, respectively. The eight most sigiuficant 

35 bits of the address are conveyed on lines 56b direcdy fi^m CPU 36 to RAM 42 and to 
external I/O bus 32. The least sigiuficant eight address bits (A0-A7) are carried on 
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lines 56a. In the preferred embodiment, the 16 address bits are avdlable on lines 56 at 
external 1/0 bus 32 to address the embedded RAM in OPU 36 when it is imtially 
loaded or subsequently mocBfied. 

Although CPU 36 controls the operation of module 30, the actual encryption 

5 and decryption of data is implemented by a data encryption standard (DES) 
coprocessor 38. DES coprocessor 38 is designed to encrypt and decrypt 64-bit 
blocks of data using the algorithm specified in the Federal Information Processing 
Date Encryption Standard (No. 46). A transfer rate of 807 kilobytes per second is 
implemented by DES coprocessor 38 under the control of a 10 megahertz clock 

10 circuit 48, to which the DES coprocessor is connected through lines 70. Date are 
transferred between CPU 36 and DES coprocessor 38 over lines 72. In the preferred 
embodiment, a Western Digital™ type DES WD20C03A integrated circuit is used 
for DES coprocessor 38, although other such devices are available fiom other 
suppBers. A decoder/muWpIexer (MUX) 40 is connected through Hnes 68 to DES 

15 coprocessor 38 and through lines 66 to CPU 36. Decoder/MUX 40 is a three-line to 
eight-line circuit that decodes one of eight lines, dependent upon three binary select 
inputs and three enable inputs. lines 66 carry the three binary select signals and the 
output signal from decoder/MUX40 and line 68 carries selectable input 7. In 
addition, lines 62 carry selectable inputs 5 and 6 from RAM 42, while lines 64, which 

20 extend between decoder/MUX 40 and external I/O bus 32 convey sdecteble 
ir^>uts0-4. 

The embedded non-volatile RAM in CPU 36 is loaded with the appropriate 
program steps for controUing the operation of EDU20 at the time module 30 is 
manufactured. In addition, RAM 42 is loaded with a set of 65,535 pubfic KEKs that 

25 are randomly generated from over 72 quadriUion possibilities. Each EDU that is thus 
produced stores the same table of 65,535 randomly generated public encryption keys. 
Any EDU can establish secure encrypted commurucations with any other EDU uarig 
the public KEKs. Also stored in RAM 42 is a user-generated table of over 65,535 
randomly generated private encryption keys. These private KEKs are used for 

30 initiating secure communications with another EDU in the private network that has 
the same table of private KEKs stored within its RAM 42. 

The steps involved in esteblishing secure communications between two EDUs 
are shown in FIGURES 3, 4, and 5. Not shown are any handshaking steps necessary 
to connect two EDUs in communication with each other so that date for a specific 

35 device can be transmitted between them. Preferably, such handshaking steps are 
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implemented by transmitting predefined data blocks between the two devices, but do 
not necessarily require action by either EDU. 

In FIGURE 3, a flow chart 100 identifies the steps taken by EDU B 28, acting 
as the intended recipient, to establish secure communications. It will be apparent the 
5 steps in flow chart 100 could also be carried out by EDU A 20; however, the choice 
was made in the preferred embodiment to have the receiving station start the process 
of determining a session data encryption key, thereby avoiding the possibility that a 
third party posing as another station might tap into the unsecured line with an EDU to 
initiate the secure communications link. The method begins vdth a start block 102. In 

10 a block 104, EDUB 28 generates a 64-bit random data encryption key 1 pHCl), 
which is one of over 72 quadrillion possible data encryption keys (i.e., all possible 
combinations of 56 bits). 

The DEKl is the first portion of a session data encryption key that will be 
subsequently used for transmitting encrypted data between the two EDUs. In a 

15 block 106, EDU B 28 then uses the DEKl as the encryption key in implementing the 
DEA to encrypt one block of data. The use of the DEA to encrypt a single block of 
data is referred to as an electronic code book (ECB) method and is carried out by 
DES coprocessor 38 under the control of CPU 36. The ECB method employs the 
key pEKl) to encrypt a 64-bit zero fimaion, i.e., a fimction comprising 64 logical 

20 zeros, the resuh bdng used to determine a check value. 

In a block 108, a KEK table entry value KEKl compri^ng the 16 least 
significant bits (LSBs) of the 64-bit check value firom block 106 is determined. The 
EDU uses the public or private table for KEKs, as specified by EDU A 20 during the 
handshaking that preceded establishing the secure communications link. The public 

25 table and private table of KEKs each represent a linear array of data, that can be taken 
in groups of four 16-bit words or 64-bits at a time, to define a KEK. The 16 LSBs of 
the check value determine the starting point or table entry value in the selected table 
to determine the 64 bits used as a KEK, as indicated in a block 110. Using the 64-bit 
KEK selected fi^om the table as the encryption key, the EDU encrypts the value DEKl 

30 using the ECB method in a block 1 12. A cyclic redundancy check (CRC) value for 
the KEK table that was selected is then determined in the conventional manner. 

In a block 114, the EDU encrypts the KEK table CRC, its own EDU ID 
number (which is stored in within module 30 and is not user modifiable), and the 
KEKl entry value using a predefined header encryption key and the ECB method to 

35 produce an encrypted key header The header encryption key is stored in the 
embedded RAM within CPU 36 at the time that its programming is initially loaded 
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and is the same fbr each EDU. In a block 1 16, the EDU transmits the encrypted key 
header and encrypted DEKl to EDU A 20, which initiated the communication. 
Althou^ both parts of this transmission are encrypted, they are encrypted at different 
levels of security, since the encrypted key header is ahvays sent encrypted with the 

5 same predefined (although inaccessible) key and the encrypted DEKl uses a different 
key with virtually every communication session between two EDUs. The method for 
establishing secure communications continues with the other EDU, at a block B 11 18. 

In FIGURE 4, a flow chart 120 shows the steps carried out by EDU A 20 (the 
EDU that initiated the communication). How chart 120 begins at block Bl 1 18 and 

10 proceeds to a block 122 wherein the encrypted key header and encrypted DEKl 
received from EDU B 28 are parsed. In a block 124, the encrypted key header is 
decrypted using the predefined header encryption key witii tiie ECB metiiod, enabling 
tiie EDU to determine the KEK table CRC, the encoded EDU ID number of the EDU 
that transmitted the moypted header, and KEKl . 

15 A decision block 126 causes the CPU to determine if the KEK table CRC is 

correct, thereby ensuring that the KEK table used to encrypted the header is tiie same 
as the KEK table that wiU be used by EDU A 20. This stq) prevents two EDUs 
from attempting to communicate if they are using different private KEK tables or if 
the public table in used by one has become corrupted or is different than tiie 

20 normal pubUc table of KEKs for some otiier reason. If tiie CRC value does not match 
the expected value, a block 128 stops communication between the EDUs. Under 
most circumstances, however, tiie KEK table CRC is correct and tiie logic proceeds 
to a block 130. 

In block 130, EDU A 20 determines tiie 64-bit KEK that was previously 
25 selected from tiie public or private table by EDU B 28, using tiie KEKl vahie tiiat it 
just received as an ofifeet to enter tiie table. The 64-bit KEK is tiien used witii tiie 
ECB method to decrypt the value DEKl, as shown in a block 132, 

In a block 134, a validity check is made to ensure tiiat the decryption process 
was carried out correctiy and tiiat the encrypted data were not affected by noise or 
30 . otiier problems during transmission. The validity check is carried out by using tiie 
decrypted DEKl value and tiie ECB metiiod to encrypt tiie 64-bit zero fimction. The 
result provides a check value, tiie 16 LSBs of which are a value KEKl'. The accuracy 
of the encryption/decryption process and transmission is confirmed in a decision 
block 136 if tiie EDU determines tiiat KEK 1 equals KEK 1'. If not. a block 138 
35 provides for indicating tiiat an error has occurred in estabUshing secure 
communications, which leads to a stop block 140. 
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On the other hand, assuming that KEK 1 equals KEK 1', a block 142 directs 
the EDU to generate a 64-bit random value, DEK2, which is the second portion of the 
ses^on data encryption key that will be used to encrypt data transmissions between 
the two EDUs. In a block 144, EDU A 20 performs a logical XOR to combine the 
5 first portion of the session key, DEKl, and the second portion, DEK2, to determine 
the final session data encryption key DEK. 

In a block 146, DEK2 is used with the ECB method to encrypt the 64-bit zero 
fimction in order to determine a second check value. Using the 16 LSBs of the check 
value in a block 148, the EDU determines a table entiy value KEK2. By entering the 
10 spedfied public or private table at the address offset determined by KEK2, four 
consecutive 16-bit words compriang a 64-bit KEK are determined .in a block 150. 
The EDU uses the value of KEK fi-om the table and the ECB method to encrypt 
DEK2inablocklS2. 

With the predefined header encryption key, the EDU A 20 encrypts the KEK 
15 table CRC, its own EDU ID, and the table entry value KEK2, producing an encrypted 
key header in a block 154. The encrypted key header just produced and the encrypted 
DEK2 will be transmitted to EDU B 28 only if the next test is passed in a decision 
block 155. 

Decision block 155 now determines whether the EDU ID that was decrypted 

20 firom the header received firom EDU B 28 in block 124 matches that of the EDU that 
was initially caUed, i.e., confirms that the intended recipient has responded. Since the 
encryption of the EDU ID is carried out automatically by EDU B 28, and can not be 
modified or affected by external signals, it is virtually impossible for a thu-d party to 
use another EDU to break into a communications link and take part m establishing 

25 secure conmiunications, since the encrypted EDU ID that is returned to the station 
that initiated the communication would then not match the expected EDU ID. A 
negative response to decision block 155 causes the process for establishing secure 
communications to be halted at a stop block 157. Otherwise, the process for 
establishing a secure communications link proceeds to a block 156. Block 156 

30 provides for transmitting the encrypted key header and encrypted DEK2 to the other 
EDU, i.e., to EDUB 28, which is the intended recipient for subsequent encrypted 
conununications. Thereafter, the lo^c proceeds to a block A2 158 in FIGURE 5. 

FIGURE 5 illustrates a flow chart 160 defining the steps next implemented by 
EDUB 28. Following block 158, a block 162 provides for parsing the encrypted key 

35 header and encrypted DEK2. The encrypted key header is then decrypted in a 
block 164 using the ECB method in connection with the predefined header encryption 
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key, enabling EDUB 28 to determine the KEK table CRC, the EDU ID of the 
transmitting station, and the KEK2 table aitry value. In a ded^on blodc 166, 
EDUB 28 determines if the KEK table C».C value is correct, i.e., confirms that the 
public or private table of KEKs used by EDU A 20 is the same as that being used by 

5 EDUB 28. Knot, the communication process is halted at a blodcl68. Othovdse, 
die process continues with a block 170. 

Block 170 provides for selecting a 64-bit KEK fi-om the designated table of 
KEKs using the entry value KEK2 as an oflFset. In a block 172, the EDU uses the 
selected KEK value in connection with the ECB method to decrypt the encrypted 

10 DEK2. It then performs a validity check in a block 174, by using the DEO value m 
connection with the ECB method to encrypt the 64-bit zero fimction, thereby 
determining a check value and a table entry value KEK 2' that is based upon the 16 
LSBs of the check vahie. A dedaon block 176 causes CPU 36 to detemune if the 
decrypted KEK2 equals K]l^' that was just detemuned in blodc 174. If not, a 

15 block 178 provides for indicating that an error has occurred, leading to a stop 
block 180. 

However, assuming that the validity check has a positive response, in a 

block 182, the EDU logically XORs DEKl and DEK2 to determine the value of DEK 

for this session. At this point, both the receiving and transmitting station EDUs have 
20 established the current session data encryption key DEK. Before the communication 

sesaon can proceed, one final check is made in a dedsion block 183. 

Dedsion block 183 determines if the EDU ID sent by EDU A 20 in the key 

header that was decrypted in block 164 by EDU B 28 matches an expected EDU ID. 

If not, block 180 stops the process of establishing secure communications between the 
25 two EDUs. Dedaon block 183 tiius detomines if a third EDU has been used to 

intercept communications between EDU A 20 and EDUB 28; if not, the 

communication of encrypted data proceeds at a block 184. 

The sesaon DEK is used m a block 184 by EDU A 20 to enoypt data (such as 

fiu;»mile or computer data) fijr transnussion to EDUB 28, wMch then decrypts it 
30 tiang the same DEK. When EDUB 28 determines tiiat tiie last of the data to be 

transmitted has been received and decrypted, a block 186 provides for resetting both 

EDUs to awtut the next communication. Thereafter, a stop block 188 terminates 

fiirther communication between the two stations. 

During the process of establishing secure communications, neither of the 
35 EDUs linking together transmits DEKl or DEK2 in tiie clear. Either tiie public or 

private table of KEKs is used for enaypting the first and second portions of the 
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current session DEK. Consequently, only another EDU provided with the same 
control program and the same table of KEKs (produdng the same CRC value) would 
be able to decrypt either the encrypted first or second portions of the DEK. Smce the 
software program controlling the operation of the EDUs requires that the EDU ID 
5 number of the stations be encrypted as part of the key header information that is 
exchanged, a third EDU carmot be used to surreptitiously substitute for the intended 
receiving station or transmitting station during the establishment of the secure 
conununication link. Consequently, only the two EDUs at the receiving and 
transmitting stations comprising a link are able to communicate to establish a session 

10 DEK and thereafter carry on secure communications. 

Only an EDU having the same session DEK used to encrypt data can decrypt 
the data. Furthermore, although any EDU can establish secure communications with 
any other EDU using the public table of KEKs, only EDUs having the same private 
table of KEKs (determined fix)m the KEK table CRC value) can establish a 

15 session DEK to communicate with each other. As a result, a corporation that 
generates its own table of private KEKs can ensure that secure communications are 
initiated only with other stations comprising its private network that include ^e same 
table of private KEKs. 

While the DES algorithm is used in the preferred form of the present 

20 invention, it will be appreciated that other encryption algorithms that use an 
encryption key can also be employed. Further, when det^mining a check value, a 
predefined fiinction other than the zero fimction can be used. It should also be 
apparent that the racrypted key header need not include the EDU ID, if a lower level 
of security is acceptable, for example, in a local network of EDUs exclusively u^g 

25 private KEKs. These and other modifications to the present mvention will be 
apparent to those of ordinaiy skill in the art. Accordingly, it is not intended that the 
invention be in any way limited by the description of the preferred embodiment and 
modifications thereto, but instead that the scope of the invention be determined 
entirely by reference to the claims that follow. 
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The embodiments of the invention in which an exclusive property or privilege 
is claimed are defined as follows: 

1. Encryption/decryption apparatus for ensuring secure communications 
between two stations, said encryption/decryption apparatus disposed at each station 
comprising: 

(a) encryption processor means for encrypting and decrypting data 
using an encryption key that is irq)ut thereto; 

(b) control means, coupled to the encryption processor means, for 
controlling the operation of the encryption processor means, said control means 
supplying the encryption processor means with data for encryption and decryption 
and with the encryption key for use in encryptmg and decrypting the data to produce 
an output signal in response to programmed instructions that cause it to automatically 
randomly select a part of a session data encryption key for use by the encryption 
processor means to encrypt data when combined with another part of the session data 
mciyption key received firom the other station; and 

(c) non-volatile memory means, coupled to the control means, for 
storing a plurality of k^ encryption keys used by the encryption processor means in 
encrypting the part of the sesaon data encryption key for transmission to the otiier 
station, said control means selectmg the key encryption key from said plurality of key 
encryption k^ as a fiiriction of a check value detennined by the control means with 
the part of the session key. 

2. The encryption/decryption apparatus of Claim 1, wherein said 
non-volatile memory means include an internal power source that supplies electrical 
power to maintain storage of the plurality of key encryption keys. 

3. The encryption/decryption apparatus of Claim 1, finther compriang 
potting means for encapsulating the encryption processor means, the control means, 
and the non-volatile memory means in a radio and light wave opaque material, said 
potting means being sufficiently hard and resistant to dissolution by solvents to 
prevent its removal without causing damage to interconnections coupling the 
non-volatile memory means to the control means and damage to intercormections 
supplying electrical power to the non-volatile memory means from the internal power 
source, such damage causing erasure of the plurality of key encryption keys stored in 
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the non-volatile memory means, said control means also responcUng to any attempt to 
externally interrogate the non-volatile memory means by causing erasure of the key 
encryption keys stored therein. 

4. The encryption/decryption apparatus of Claim 1, further comprising 
multiplexer means, coupled to the control means to receive a select signal therefrom, 
and coupled to the encryption processor means, an output port, and the memory 
means, for selectively conveying a data signal thereto in response to the select signal. 

5. The encryption/decryption apparatus of Claim 1, wherein the control 
means include a non-volatile memory for storing the programmed instructions and for 
storing a unique identification code that identifies a specific encryption/deciyption 
apparatus. 

6. The encryption/deoyption apparatus of Clmm S, wherein the control 
means include means for locking the control means and its non-volatile memory to 
prevent data and program steps from bemg read externally or changed after storage of 
the programmed instructions in said non-volatile memory is complete. 

7. The encryption/decryption apparatus of Claim 6, wherdn the means 
for locking include means for encrypting data and memory addresses defining memory 
storage locations within the non-volatile memory of the control means and within the 
non-volatile memory means. 

8. Encryption/decryption apparatus for ensuring secure communications, 
comprising: 

(a) processor means for randomly selecting a partial session data 
encryption key; 

(b) encryption means for encrypting the partial session data 
encryption k^, producing an encrypted part key and decrypting another partial 
session data encryption key selected at another location; and 

(c) means for conveying the encrypted part key to an output port 
so that it can be transmitted to the other location and for conveying an encrypted 
signal from an input port, said encryption means decrypting the other partial session 
data encryption key received from the other location as the encrypted signal, said 
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processor means combining the partial sesaon data encryption key to determine the 
current session data encryption key that is subsequently used by it to encrypt data 
transmitted to the other location and to decrypt encrypted signals received from the 
other location. 

9. The aiciyption/decryption apparatus of Claim 8, fiirther compriang 
memory means for storing a plurality of key encryption keys, wherein the encryption 
means select a specific key encryption key from tiie plurality of key encryption keys as 
a fimction of a check vahie, said encryption means encrypting a predefined set of 
characters witii said part of the encryption key to determine the check vahie. 

10. The encryption/decryption apparatus of Claim 9, wherein the means 
for transmitting also transmit tiie check value detomined by ti»e encryption means. 

11. The encryption/decryption apparatus of Clann 10, wherdn the 
decryption means use a dieck vahie recdved from said otiiw location to determine a 
specific key encryption key tiiat was used to encrypt tiie otiier partial session data 
encryption k^. 

12. The encryption/decryption i^paratus of Claim 1 1, wherein: 

(a) the encryption means use tiie other partial sesaon data 
encryption key decrypted by the decryption means to encrypt the predefined set of 
characters, produdng a test vahie; 

(b) said processor means compare the test value witii a check vahie 
received from the otiier location and detect an error if tiie test value differs from said 
chedc value recMved from the other location; and 

(c) if an error is detected in (b), said processor means halt 
communications vnAi said other location. 

13 . The encryption/decryption apparatus of Claim 9, -wherein said memory 
means store a unique idoitification code fi>r that apparatus. 
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14. The enciyption/decryption apparatus of Claim 9, wherein the memory 
means comprise a non-volatile memory circuit including an internal power source, 
said internal power source supplying electrical current to the non-volatile memory 
circuit to retain data stored therein, said memory means bdng encapsulated in a 
material that precludes physical inspection of the memory circuit, preventing 
discovery of the data stored therein, fiuther comprising means for intemipting 
electrical current supplied from the internal power source to the memory circuit so 
that the data stored therdn are erased if the material encapsulating the memory means 
is removed therefrom. 

15. The encryption/decryption apparatus of Claim 8, wherein the 
processor means comprise a central processing unit that is programmed to control the 
encryption means and the decryption means according to a predefined set of 
instructions. 

16. The encryption/decryption apparatus of Claim 8, wherein the 
encryption means comprise an integrated circuit that implements encryption and 
decryption of data from a plurality of sources in response to signals from the 
processor means, using the current session data encryption key, in accordance with a 
predefined encryption algorithm and a corresponding predefined decryption algorithm. 

17. The encryption/decryption apparatus of Claim 9, wherein the memory 
means store a plurality of sets of key exchange keys, further comprising means for 
selecting one of the sets of key exchange keys from which the specific key exchange 
key is determined. 

18. Encryption/decryption apparatus for ensuring secure conmiunications, 
comprising: 

(a) a sealed circuit encapsulated in a material opaque to radio and 
light waves, said sealed circuit comprising: 

(i) a central processing unit that receives and transmits 
data in both an encrypted and decrypted form; 

(ii) a memory circuit coupled to the central processing unit, 
at least one predefined set of key exchange keys being stored in the memory circuit. 
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said key exchange keys stored in the memory circuit being externally inaccesable, 
both physically by mspection and by downloading througji the central processing unit; 

0u) an encryption/decryption coprocessor coupled to the 
central processing umt to iwcdve data therefrom, said encryption/decryption 
coprocessor encrypting and decryptmg the data under control of the central 
procesang unit based upon a spedfied encryption key, the encryption/decryption 
coprocessor selectively generating a second set of key exchange keys that are also 
stored in the memory circuit; 

(b) connector means for interconnecting the sealed circuit with 
external data input and output lines, the encryption/decryption coprocessor selectively 
enciypting the second set of key exchange keys and the coimector means conveying 
the second set of key exchange keys in an encrypted form to an external device for 
distribution to other encryption/decryption apparatus comprising a lunited network, 
whmby only encryption/decryption apparatus compriang the limited network can 
securely communicate vnth each other using the second set of kqr exchange keys, but 
can securefy communicate with other like encryption/decryption apparatus that do not 
comprise the linuted networic uang the predefined set of key exchange keys. 

19. The encryption/decryption apparatus of Claim 18, further comprising 
memory means coupled to the central processing unit, for storing program steps 
controlling automatic determination of a session data encryption key for use in 
encrypting and decrypting data, said session data encryption key being determined in 
part by the central procesang unit lo^cally combining a first randomly selected 
portion of the session data encryption key that is recdved in an encrypted form from 
another location with a second randomly selected portion of the session data 
encryption key that the central processing unit transmits to the other location in an 
encrypted form. 

20. The encryption/decryption apparatus of Claim 19, wherein one of the 
predefined set and the second set of key exchange keys is sdectively used for 
encrypting said other portion of the session data encryption key. 

2 1 . The encryption/decryption apparatus of Claim 1 8, wherein the memory 
circuit stores a unique identification code for the sealed circuit that can not be 
changed, said central processing unit halting operation of the sealed circuit if data are 
received from the other location that specify a different identification code, thereby 
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preventing secure communications vAth an unintended encryption/decryption 
apparatus. 

22. Encryption/decryption apparatus for ensuring secure communications 
between two stations, comprising: 

(a) first processor means at one of the stations for randomly 
selecting a first part encryption key and second processor means at the other of the 
two stations for randomly selecting a second part encryption key; 

(b) encryption means at said one station for encrypting the first 
part encryption key, produdng an encrypted first part k^, 

(c) means for transmitting the encrypted first part key to s£ud other 

station; 

(d) decryption means at said other station for decrypting the 
encrypted first part key to determine the first part encryption key; 

(e) encryption means at said other station for encrypting the 
second part encryption key, producing an encrypted second part key; 

(f) means for transmitting the encrypted second part key to said 
one station; and 

(g) decryption means at s^d one station for deciypting the 
encrypted second part key to determine the second part encryption key, said first 
processor means at said one station and said second processor means at said oth^ 
station then combining the first part encryption key and the second part encryption 
key to determine an encryption key that is used to encrypt and decrypt subsequent 
conmiunications between the two stations. 

23. The encryption/decryption apparatus of Ckrim 21, fiirther comprising 
memory means for storing a plurality of key encryption keys at each of the two 
stations, wherein the encryption means at each station select a specific key encryption 
key fi'om the plurality of key encryption keys as a fiinction of a first check value and a 
second check value, respectively, said encryption means at said one station encrypting 
a predefined set of characters with said first part encryption key to determine the first 
check value, and said encryption means at said other station encrypting the predefined 
set of characters with said second part encryption key to detmnine said second check 
value. 
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24. The encryption/decryption apparatus of Claim 22, wherein the means 
for transnutting from eadi station also transmit the respective first or second check 
value detemuned by the encryption means at each station. 

25. The encryption/decryption apparatus of Claim 23, wherein the 
decryption means at said other station use the first check value received from said one 
station to determine the specific key encryption key that was used by the encryption 
means at said one station to encrypt the first part encryption key, and wherdn the 
decryption means at said one station use the second check value recdved from said 
other station to determine the specific key encryption key that was used by the 
encryption means at said other station to encrypt the second part encryption key. 

26. The encryption/decryption apparatus of Claim 24, wherein: 

(a) the encryption means at said other station uses the first 
encryption key decrypted by the decryption means to encrypt the predefined set of 
characters, producing a test check value; 

(b) said second processor means compares the test check vahie 
vnih the first check vahie and detects an error if the test check value (Offers from the 
first check value; 

(c) the encryption means at said one station uses the second 
encryption key decrypted by the decryption means to encrypt the predefined set of 
diaracters, producing a test check value; 

(d) said first processor means at said one station compares the test 
check value with the second check value and detects an error if the test check value 
differs from the second check value; and 

(e) if an error is detected in (b), said second prQcessor means halt 
communications with s^d one station, and if an error is detected in (d), said first 
processor means halt communications with said other station. 

27. The encryption/decryption apparatus of Claim 22, wherein said 
memory means at each station store a unique identification code for that station. 

28. The encryption/decryption apparatus of Claim 26, wherein the 
encryption means at S2ud one station encrypt the unique identification code of said 
other station, the means for transmitting then transmitting an encrypted identification 
code to said other station, said decryption means at said other station decrypting the 
uruque identification code. 
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29. The enwyptibn/deciyptioii apparatus of Claim 27, whwan said second 
processor means compare the deciypted unique identification code with the unique 
identification code stored in the naemory means and if not identical, halt 
communications -with said one station. 
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